Wanna-Be, LLP

The evening of February 6th, the fourth anniversary of Anonymous’s forcible dissolution of the first toy infosec player, HBGary, there was a spirited discussion in an obscure IRC channel. The consensus was this:

The wanna-be infosec players of the world are resurgent. Many who participated in Operation Payback will remember Backtrace Security, whose claim to fame was producing large, incorrect invoices and small, equally incorrect spreadsheets ‘identifying’ anonymous actors. Consternation Security is a slightly less disreputable clone of Backtrace, and they actually manage to scare the unwary. Both seem to be active again. When you see one mouse in your kitchen that’s a proxy for a whole nest. There are other, less comical efforts, competent enough to avoid being named and characterized.

The Internet crushed the life out of HBGary during 2011’s Superbowl Sunday. Provide Security fled the scene of a hilarious social engineering leak in the first days of 2013. My recent 1st Amendment court victory ensures the eventual demise of one of the odder iterations of online mall cop hijinks, ViaView.

This happens against the backdrop of Snowden’s leak bulldozing NSA (US), GCHQ(UK), ASD(AU), CSEC(CA) and GBSC(NZ). The activity on Twitter is a sort of ‘social terrarium’, a microcosm hosting analogs of all of the real world entities, including a digital shadow for the Islamic State. ISIS online is about to face the newly reconstituted Chindits, Britain’s 77th Brigade of World War II Burma guerrilla warfare fame.

These phenomena are contagions, albeit complex and multifaceted.

The other major forces at work are the #GamerGate trolls versus feminist/LGBT Social Justice Warriors. This is energetic enough and similar enough to ISIS’s online activities that I think we’ll see some legislation as a result. I have been revisiting The Offensive Internet and I hope that we can repeal Section 230 of the Communications Decency Act of 1996. This was a wise law when the web was a toddler, but it’s now old enough to have graduated college, and has developed long term cyber-cesspools. These bastions of radical egalitarian absolutist free speech advocates (read: idiot trolls) are going to get similar treatment to ISIS.

Social media sites display a consistent cycle from inception to decline. Geocities fits as the first social media effort, and today a remanent remains in Japan. MySpace peaked in 2006 and has retained a niche in the music business. Facebook is bleeding teens to Instagram and Snapchat.

Twitter growth last quarter was a minuscule 1.4%. They are going to recover a bit thanks to a deal to let Google index the firehose, but this is consistent with what I’ve been saying – Twitter’s niche in its twilight years will be as the service that killed the RSS feed.

The self imposed quiet time I mentioned in Ethics In Game Journalism was not idle. The Twitter Recorder Machine (which I have written, but did not name) has been receiving steady attention. It does a passable job of handling accounts that are suspended, self-deleted, or switched to protected status. My Github account has begun to host configuration for what makes sense to do next: using mcabber to log Jabber chat rooms and irssi logging of IRC channels is just starting.

Overall, 2015 is going to be a year of things coming apart in the real world, and social media will parallel this.

Where do these trends this leave the wanna-be contingent?

Much of what those people do is pathological: Lonely schizotypal/schizophrenic adults play at spying, but they spin out or flee when the heat is on. dark triad manipulators like the target rich, largely consequence free environment. The highly personalized nature of social media is tailor made for conspiracy theorists, who are certain that random uncorrelated events are all organized by some amoral superman.

One of the documents from the Edward Snowden leak has lingered on my desktop for several weeks now, avoiding several filing pogroms. I take this as an indication I should be doing something more with The Art of Deception. The wanna-bes are an excellent set of guinea pigs; not so numerous, largely transparent in methods and motivations, and compulsively over-communicating in order to maintain their place in the pecking order.

If our government permits the Five Eyes agencies to do these things to society at large, surely there is no problem with you undertaking some experiments of your own, right?

Cyber Magicians

Cyber Magicians

An Open Letter to Kristen Johnston @kjothesmartass

The following was left as a comment on Kristen Johnson’s blog post Update:Gutless, with regards to the harassment she receives from disbarred lawyer Vincenza Spina.

Kristen,

Congrats on eight years. I just passed twenty a few weeks ago. It takes a lot of courage to clean house at forty, I feel so lucky that I ran out of steam in my mid-twenties.

Since I’ve posted here there will be a flood of venom. All I have to say in my defense is that I caught Lyme disease about the time you got sober and I’ve got all of the career and financial problems that come with chronic illness that has only let me work half time about three years out of the last eight.

Like what you are facing with Vincenza Spina, my life was invaded by a mentally ill woman in New Jersey back in 2010. She has induced a man on psychiatric disability to file charges against me, I’ve faced malicious prosecution efforts in half a dozen states, and I just won my fourth frivolous lawsuit. Part of the reason I get the attention I do is that I worked for a Hispanic Congressman during the 2010 election, and he retained a seat the Tea Party thought sure they would take.

My most recent court victory is a precedent setting 1st Amendment case in Texas. Thanks to the Texas Citizen’s Participation Act, the nation’s most aggressive anti-SLAPP statute. This James McGibney person you see mentioned in earlier comments is on track to owe my lawyer $220,000 and me as much as $1 million, thanks to a decision by the Texas 2nd State Appellate Court. There is a link on the masthead of my blog entitled ‘First Amendment’ that contains additional information on the case.

You were wise to suspend your Twitter account. I am afraid that you may have to leave it as nothing more than an announcement outlet. Even if you successfully put an end to Spina’s weird obsession with you there are a number of other equally twisted characters who are already aware of this conflict. The long term solution to this sort of thing is a bit of legislative reform. The top thinker on this is UMD law professor Danielle Citron, and her recent book, Hate Crimes In Cyberspace, lays out what we ought to do to drain cyber-cesspools such as BullyVille.

I’m not terribly difficult to reach for anyone legitimate – a connection request on LinkedIn works best. If your lawyer should need an assist in identifying or locating any of these goons who are bothering you I probably already have a file on them.

Neal Rauhauser

Ethics In Game Journalism

Three or four times a year we experience Mercury Retrograde, a period of about three weeks where the planet Mercury appears to move backward in its orbit, at least from our viewpoint here. There are plenty of fine astrology blogs out there so I am not going to digress, but this phenomenon, which started January 21st, is the least unusual explanation I can find for the events of recent days.

Retrograde Orbital Motion

Retrograde Orbital Motion

Israel’s Netanyahu Oversteps

The U.S. Congress generally bows and scrapes to Israel, fearing the lobbying power of AIPAC. John Boehner invited Israel Prime Minister Benjamin Netanyahu to address Congress on the first day of Mercury Retrograde, and now we are treated to the spectacle of fluffy leftist outlets like Fox News(!) berating him for this.

Israel is facing an International Criminal Court inquiry regarding war crimes in Gaza. Swarms of bots on Twitter are howling about apartheid, a term that is more and more being applied to Israel’s treatment of its Arab residents. The nature of this howling seems to be directed at providing a distracting, diffusing lesson on the fact that apartheid is a long resolved South African problem. I don’t plan these information operations, I just marvel over the seemingly ineffective content when I happen to see them.

Obama Unilaterally Disarms America

President Obama has called for a “War on Hackers“, which is a fitting end to a run that began with the attempt to paint Sony’s massive intrusion as a North Korean effort. Everyone who has ever worked in IT was waiting to see if the insider was a current employee, or if they were recently terminated.

Further from the halls of power but more serious is the 63 month sentence imposed on Barrett Brown for sharing a link in a chat room. Having been reformed by two and a half years of prison prior to sentencing, civil libertarians and reporters everywhere have set up a chorus over this insult. Quinn Norton has taken a step back from reporting on anything to do with the hacker world, which has long been her specialty.

I am a little over halfway through anthropologist Gabriella Coleman’s Hacker, Hoaxer, Whistleblower, Spy: The Many Faces Of Anonymous. I’m in there, on page 234, and uncredited again, just as I was in Parmy Olson’s earlier We Are Anonymous: Inside the Hacker World of Lulzsec. I never realized writing one little white paper about HBGary Federal would turn out to be such big thing, but it is what it is. Coleman is treating this book as a capstone and moving on to other pursuits after years of being a ‘daywalker’, a person with a name, but who was trusted within Anonymous.

And I would never dream of doing something like that today. Our government has such an irrational fear of leaks after Manning and Snowden, that we are literally going to demonize the very people who best know how to protect us. Books will be written about this mistake, starting in about three years, after the brain drain as the best of the best in that field go to Europe and Asia rather than coming here.

Ethics In Game Journalism

This post’s title is a reference to the nominal reason behind GamerGate, a nontroversy based on some interpersonal drama between a jilted boyfriend and his game developer girlfriend, which has metastasized into the troll equivalent of World War III. Zoe Quinn, the architect behind this kissing conspiracy has not yet been around to give me a peck on the cheek, but the flames of the conflict has been flickering close enough that I can feel the heat.

Once Quinn was terrified and out of her house, the attention swung to feminists in general, most of whom were neither involved in the game industry nor were they journalists, and then it settled down into the internet’s most reliable source of drama. As a “cishet white male” I am forbidden to actually name the specific demographic targeted; I’ll let you Google if you weren’t already aware.

Less explosive, at least for the moment, is #OpDeathEaters. It seems there really is a pedo-sadist ring infesting the British Parliament, and now there are chapters on four continents picking through the evidence of this loosely connected global conspiracy. They have explicitly stated that they don’t want any Illuminati chasers or Alex Jones listeners, and the U.K. story has legs in the straight news realm. I am not sure how well they are doing when it comes to keeping it reality based, but there is an inescapable hard kernel of truth in this, and it’s the sort of thing that can bring down a government if it gets just the right attention.

Cryptocurrencies, Cipherspace & Contagions

How do these events fit into the official direction for 2015/2016? They all have some aspect of being a contagion to them. I could not have articulated this when I began writing, but looking back I think they bother me because they involve groups that are too large for me to handle on my own. There are other reasons to pay attention beyond the mechanics of their spread, obviously, and maybe that is why they’re so present everywhere I turn.

I should have caught this and went to ground the night of January 20th. Better late than never – I’m checking out until the end of Mercury Retrograde, which is February 12th.

Laughable Security from @HackersList

A few days ago I noticed @HackersList, a service that pitches itself as a way for hackers and potential customers to meet. I tried to like it, truly I did, but the interface is hopelessly insecure.

The site has a polished, unique front end, suggesting that maybe someone has put some money into this.

Hackers List Front Page

Hackers List Front Page

I tried registering using Tor, which proved to be an exercise in futility. The site is Cloudflare protected and it puts up a captcha not just on initial contact, but it reappears again and again, seemingly almost at random. I give the site a 2/10 would not use if you need to actually protect your location.

I gave in, got one of those free VPN accounts from a provider I don’t use for anything else, fired up a virtual machine, and created a new identity from scratch. I was looking at a job and I found this under the message board option.

HackersList Bidding

HackersList Bidding

The links to the names are not URLs, but you can copy and paste that and see the profiles. Here’s kashiki, who is presumably one of the eight hopefuls for this job.

The links to the content are amenable to outside examination. I can map the hackers, their skills, and which jobs they are bidding on – this is the sort of metadata that leads to the narrowing of suspects, and then arrests shortly thereafter.

A bunch of the jobs posted are for acts which are blatantly criminal – mostly petty stuff: jilted boyfriend wants into ex-girlfriend’s Facebook, change my grades, or ‘password recovery’ gigs. Even so, HackersList is taking a cut and offering refunds for poor service. These people are apparently unaware of Title 18 § 1030 and Title 18 § 2

If you choose to proceed, there is a link, inexplicably named Hacker CP, which leads to the control panel. The acronym CP would be almost universally recognized as ‘child pornography’ by any actual hacker. That cultural misstep, coupled with the utter lack of sensitivity to what ought to not be visible, make this nice deal flowchart moot.

HackersList Control Panel

HackersList Control Panel

I review a lot of products and I very, very rarely write about something I didn’t like. Usually the most I will do is compare/contrast two or more competitors and suggest niches where each will fit. The only niche I see for @HackersList is as a broker for personal SEO/reputation management, and there are a number of jobs and purveyors of such services already present. The legitimate business will be overshadowed by the potential for civil or criminal troubles to simply take them out of the game on a moment’s notice.

Noise Floor Musings

Signal theory contains the concept of a Noise Floor, define thusly:

The noise floor is the measure of the signal created from the sum of all the noise sources and unwanted signals within a measurement system, where noise is defined as any signal other than the one being monitored.

Woodmen Building

Woodmen Building

Having spent some years installing point to point and multipoint microwave data systems I came to know this concept from a radio engineer’s perspective. A busy radio site will be full of licensed band transmitters, each of which manages to leak in some small way, contributing to a microwave ‘buzz’ in the unlicensed bands used by wireless ISPs. Countering this is a Feng Shui like art of antenna placement and polarization, amplifiers and filters, and in one extreme cases changing radios because the data/RF mixer phase happened to have a harmonic problem with a very hot licensed band neighbor. The photo above was taken during that particular episode.

Having read all of the documents from the Edward Snowden dump and written about it for Hacked.com there is one word that just jumps out.

FRAGILE

What the NSA can do is fragile; it depends on the subject using no countermeasures. Unlike the radio business, cryptographic feng shui is intended to blend what you’re doing with the noise floor, rather than elevating your signal above it. And this isn’t terribly difficult to accomplish. If you followed the roadmap in Chatting Safely Is Harder Than It Looks you’ve already done most of the learning needed.

The NSA’s observation capabilities when it comes to Tor traffic depend on you using the browser bundle and doing just one thing, so they can compare your bandwidth usage to what is seen elsewhere in the network. Doing two or more things in the same channel ruins their ability to attribute things. Here are some methods I’ve found which don’t require a lot of effort to maintain.

  • Configure cryptocoin wallet to use Tor proxy
  • Configure IRC client to use Tor proxy, lurk a few busy channels
  • Configure your Jabber client to use Tor everywhere
  • Create ssh hidden services, use these for server management
  • Configure email client to run on Tor, join some busy mailing lists
  • Use torrent sharing over Tor

The keys for concealment are picking things that are variable in nature. If you had some sort of streaming application, or you logged into a remote machine and ran the top utility, that is a smooth flow of data that could be separated from the rest of your signal, permitting some inference as to what you are doing. The cryptocoin wallet I used for my experiment was Paycoin and it added a regular low buzz.

Paycoin Via Tor Concealing Chat Sessions

Paycoin Via Tor Concealing Chat Sessions

Every chat client I use has a SOCKS5 configuration option and they all support Jabber, IRC, as well as other protocols. Chat is insensitive to delay and is a perfect candidate for this. Find a couple of busy channels to lurk and your conversations will easily blend into the mix.

An email client connected to a junk box account that collects mailing lists provides larger bursts of traffic at decidedly irregular, human mediated intervals. I am less sure about the value of torrent over Tor, as that’s an ongoing, large volume load. I guess it would be a benefit to the privacy cause if you’re hosting the latest TAILS and Whonix.

Thanks to Edward Snowden, we know this: Five Eyes Governments Going Blind. They are caught in something similar to a Red Queen’s Race against their own populations. Unlike the race, which leaves one party dead and the other so specialized it can not function in other contexts, what we can by enhancing both cryptography and its uptake provides benefits everywhere. Our financial sector is a rotten husk that will not survive Ethereum’s Brave New World.

The Post Snowden, Post Surveillance world is a reality. The passport to enter this realm is easily obtained; a little reading, a little experimentation, and with each passing day it’s getting easier.

Baltic Maps

German Empire 1871-1918

German Empire 1871-1918

Imperial German States

Imperial German States

Swedish Empire

Swedish Empire


Medieval Livonia

Medieval Livonia

Livonia 1534

Livonia 1534


Poland Lithuania 1600s

Poland Lithuania 1600s


Livonia 1600

Livonia 1600


Sweden in Baltic

Sweden in Baltic


Sweden 1560-1815

Sweden 1560-1815


Finnland Russian Territory

Finnland Russian Territory


Baltic Sea Ports

Baltic Sea Ports


Baltic North Sea Ferries Baltic North Sea Ferries[/caption]
Rail Baltica Regional

Rail Baltica Regional


Rail Baltica Estonia Routes

Rail Baltica Estonia Routes

Estonia Electrical Grid

Estonia Electrical Grid

Evaluating @Criticl_me

I am always checking new social networking sites and very few of them end up mentioned here, but after spending the last couple hours reading on criticl.me I created an account, nealr, and made my first post.

Attention Conservation: Follow No One

There is a post here using the name Attention Conservation: Follow No One, which is a week old and has presumably been read by everyone that plans to do so.

I see one person I know IRL and one immediate problem – the site counts a hit as a read, and my article will have 9,000 reads in fairly short order.

over9000